About the nmap NVT the simple answer is to reduce the number of ports tested. The more complex answer is to understand how nmap works, specially the type of TCP scan and the timing and performance parameters (go to the site Nmap Reference Guide and see chapters Port Scanning Techniques and Timing and Performance). I use OpenVAS 8 and by default the nmap NVT has very loose timing parameters with in a network with firewalls can generate scans with long durations. I would check the configs TCP scan method and Timing template. As for the ports tested in my opinion that depends on general knowledge and the type of servers you are testing in the network. For example you should check ports with well known services and malware but you can skip those used by very specific services that are not used by the machines in your network. This depends on the knowledge you have on the network and on the importance and exposure of the servers tested.
About blacklisting NVTs i think that it is always a manual process, remember that you have a way to limit the NVT execution time. The default is 5 minutes i think. Fabio > No dia 22/07/2017, às 01:13, Matthew Hall <[email protected]> escreveu: > > Hello, > > Is there a simpler, or more elegant way to disable or blacklist certain NVTs > using the file system or the OMP Protocol commands or flags / settings on a > scan? > > I am trying to disable a few NVTs which are getting "stuck" during my scans, > without having to try and totally rebuild the 'Full and fast ultimate' or > other various scan profiles over some tiny number of glitchy NVTs. > > Also, is there anything you can do to speed up the run time of > /var/lib/openvas/plugins/nmap.nasl without missing too much important stuff? > Some of these various items take a really long time even in my small subnet, > so I'm trying to see how I can make this process more efficient. If anybody > has some data or docs I should read about optimizing the scan performance, > that > would be a huge help. > > Thanks, > Matthew. > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
